CVE-2025-11371
Published: 09 October 2025
Description
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Security Summary
CVE-2025-11371 is an unauthenticated Local File Inclusion flaw (CWE-552) present in the default installation and configuration of Gladinet CentreStack and TrioFox. This vulnerability enables unintended disclosure of system files. It affects all versions of these products prior to and including 16.7.10368.56560, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Remote attackers require no authentication or privileges to exploit this issue over the network with low complexity and no user interaction. Successful exploitation allows attackers to read sensitive system files, resulting in high confidentiality impact but no disruption to integrity or availability.
Advisories and mitigation details are provided in the Huntress analysis at https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw, CentreStack's latest release notes at https://www.centrestack.com/p/gce_latest_release.html, and the CISA Known Exploited Vulnerabilities catalog entry at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371.
Exploitation of CVE-2025-11371 has been observed in the wild.
Details
- CWE(s)
- KEV Date Added: 04 November 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The unauthenticated LFI vulnerability in public-facing Gladinet CentreStack/Triofox enables remote exploitation for initial access (T1190) and arbitrary disclosure of local system files, facilitating data collection from the local system (T1005) and file and directory discovery (T1083).